Yogesh talks about configuring and securing your Redis server to avoid attacks. Voice of experience rules!
Houston, you there?? We’ve had a problem here.
One of our EC2 instances, which has a Redis server on it, got hacked out of nowhere.
Just before we knew it was hacked, we were screwing around with the Redis configuration and thinking about what could go wrong with it.
Houston – Roger that, give us more details.
Well, we’ve recently shifted our Redis server to a new EC2 instance. The reason we had to do that was that our Sidekiq processing got much bigger and we couldn’t afford it alongside Nginx + Passenger. So we took a call to separate it out.
But while configuring Redis, we think we made some mistake :(.
Houston – What is that?
Basically, we wanted Redis to listen to all of our Passenger instances. Though by default it listens on localhost because its bind directive is set to 127.0.0.1, it’s possible to listen on multiple interfaces by providing multiple IP…
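The bind setting mentioned above can be audited before a Redis host goes live. The following Python check is an added example, not part of the original post: it reads redis.conf text and labels every address on the bind line by how widely it exposes the listener. The function names, sample configs and addresses are constructed for illustration.

```python
import ipaddress

def classify_bind(conf_text):
    """Map each address of the effective bind directive to an exposure label."""
    addrs = None
    for raw in conf_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (a commented-out bind does not count)
        if parts[0].lower() == "bind":
            addrs = parts[1:]  # assumption: a later bind line replaces an earlier one
    if addrs is None:
        # With no bind directive Redis listens on every available interface.
        return {"<no bind directive>": "all-interfaces"}
    labels = {}
    for addr in addrs:
        host = addr.lstrip("-")  # Redis 6.2+: '-' prefix marks an optional address
        if host in ("*", "::*"):
            labels[addr] = "all-interfaces"
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            labels[addr] = "unparsed"
            continue
        if ip.is_unspecified:      # 0.0.0.0 or ::
            labels[addr] = "all-interfaces"
        elif ip.is_loopback:
            labels[addr] = "loopback"
        elif ip.is_private:
            labels[addr] = "private"
        else:
            labels[addr] = "public"
    return labels

def is_exposed(conf_text):
    """True if any bound address is reachable beyond loopback/private ranges."""
    return any(v in ("all-interfaces", "public")
               for v in classify_bind(conf_text).values())

# Constructed samples. bind takes addresses of the Redis host's own interfaces,
# not the addresses of the clients that will connect.
WEAK = "port 6379\nbind 0.0.0.0\n"
NARROW = "port 6379\nbind 127.0.0.1 10.0.1.15\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("narrow", NARROW)):
        print(name, classify_bind(conf), "exposed:", is_exposed(conf))
```

A "private" label only means the address is not publicly routable; whether other hosts can reach it still depends on the security group or firewall in front of the instance.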